►
From YouTube: Cloud Custodian Community Meeting 2021-08-03
Description
Our community meeting is public and we encourage users and contributors of Cloud Custodian to attend! You can find the notes for this meeting on our github repo: https://github.com/cloud-custodian/community/discussions
To get an invite to the meeting join the google group and you'll receive one via email: https://groups.google.com/g/cloud-custodian Minutes for this meeting can be found here:
https://github.com/cloud-custodian/community/discussions
Join our community!
https://github.com/cloud-custodian/community
A
Welcome
everybody:
it
is
august
3rd
2021,
and
this
is
the
cloud
custodian
community
meeting,
I'm
your
host
for
the
day,
george
castro,
and
before
we
get
started.
Please
be
aware
that
there
is
a
code
of
conduct
in
effect
and
that
today's
meeting
is
being
recorded
and
will
be
put
on
youtube
as
well
as
the
chat
transcription.
A
A
All
right
looks
like
everyone's
everyone's
serious
business
today
all
right
agenda
items.
A
If
this
is
your
first
meeting
or
your
first
video
that
you're
watching,
we
have
an
agenda
that
we
publish
here
on
hackmd
and
then
what
I
do
is
I
take
all
of
these
notes
and
I
publish
them
to
github.com
cloud
custodian
community
and
I
always
make
sure
I
put
those
links
and
I'm
always
sending
those
to
the
google
group
as
well
so
check
out
the
list
if
you're
not
already
subscribed,
and
when
you
do
subscribe
to
the
google
group,
you
will
automatically
get
an
invite
to
this
meeting.
So
that's
how
that
works.
A
The
first
one
I
added
I
I'm
calling
this
called
for
demos.
Basically,
I
just
wanted
to
kind
of
tell
everyone
that
we
can
kind
of
run
this
meeting,
how
we
want
how
we
feel
is
most
useful
for
the
community.
A
So
last
meeting
someone
had
mentioned
how
they
were
using
cloud
custodian
in
a
certain
way,
and
everyone
thought
that
was
kind
of
cool.
So
I
think
it'd
be
kind
of
cool
if
we
just
had
a
reserved
spot
every
meeting
in
five
to
ten
minutes.
A
So
if
you
have
any
of
these
or
you
know
anyone,
that's
doing
anything
cool
and
wants
to
do
a
demo,
we
could
just
like
kind
of
make
that
a
fun
little
thing
kind
of
a
little
like
virtual
lightning
talk,
as
you
say
and
that'll,
maybe
add
a
little
more
bit
more
excitement
as
well
to
the
meeting.
So
we
don't
have
to
read
through
github's
issues
all
day,
long,
okay,
the
police,
any
questions
about
that
or
any
comments
or
ideas
that
anyone
wants
to
share
with
the
group.
On
that.
B
I
was
I
was
just
saying
to
in
the
chat
like
if
you
don't
have
a
demo,
but
you
know
someone
who
does
have
something
really
cool
yeah.
Please
feel
like.
Please
encourage
them,
although
yeah
no
pressure,
but
it's
always
so
fun
to
see
how
everyone
is
using
cloud
custodian,
especially
since
it
is
such
a
flexible
tool
so
yeah.
A
There's
nothing
better
than
being
voluntold
to
do
a
demo.
Okay,
any
other
comments
on
demos.
A
Policy
testing
is
next;
this
one
is
on
hold
since
marco
is
on
holiday,
but
there's
a
link
there.
If
you
want
to
leave
feedback
on
the
issue,
any
comments
on
this
one,
I
don't
think
so.
The
next
one
make
gitter
easier.
This
is
kind
of
like
my
long-term
project,
to
try
to
make
chatting
in
cloud
custodian
a
lot
more
fun
than
it
is.
I've
tried
two
or
three
different
new
clients
this
week
and
I'm
kind
of
settling
on
out
element
on
being
the
least
worst
one
so
element.
C
A
C
Threading,
so
sorry,
it's
probably
worth
framing
this
up.
Getter
is
a
is
owned
by
getters
owned
by
gitlab.
It's
been
it's
open
sourced
and
it
has
the
plus
side
of
anyone
who
can
get
to
it
via
web
browser.
We
have
social
auth,
enabled
getter
development
is
pretty
slow,
they've
partnered
up
with
matrix
foundation
to
support
matrix
bi-directional
communication
through.
C
A
A
Yeah,
it's
like
the
old
days
of
of
that,
so
I'll
keep
an
eye
out
for
that.
If
anybody
finds
anything
cool
or
very
interesting,
there's
a
wechat
plug-in
too,
but
I
didn't
want
to
go
too
far
back
into
like
my
90s
linux
life
so.
D
A
I
I
don't
know
if
I
should
admit
to
that
all
right:
next,
up,
regular
weekly
doc,
sprint
sessions,
li
liz
or
carl
or
liz,
and
you
you
want
to
give
the
group
an
update
on
our
little
our
sesh,
our
site.
B
It
was
I
I
mean
it
was
me,
george
and
carl
hi
carl.
I
see
you
and
we
were.
It
was
really
really
really
productive
got
a
lot
of
feedback
regarding
places
where
opportunities
where
the
documentation
can
be
improved
and
how
we
can
also
appear
or
accommodate
different
learning.
Styles.
Some
things
we
talked
about
were
breaking
breaking
things
down
into
smaller,
like
little
how-to
videos,
maybe
developing
some
tutorials.
B
Certain
topics
that
need
to
be
explained,
maybe
a
little
bit
more
clearly
or
more
in
depth
in
depth
such
as
c7,
org
and
c7
and
mailer,
and
we
actually
opened
our
first
pr
on
the
documentation.
B
So
it
can
also
be
a
really
cool
opportunity
for
folks
who
maybe
want
to
get
more
into
open
source
contribution
or
feeling
like
a
little
bit
intimidated
or
new
to
it.
Sometimes
it's
a
little
easier
to
come
on
in
you
know,
commenting
on
documentation,
pull
requests,
but
yeah.
We
actually
have
a
an
artifact
that
came
out
of
that
with
actual
improvements.
I
have
to
give
george
credit
for
this
one,
because
our
first
pr
was
about
removing
the
dollar
signs
from
all
of
the
run
commands.
B
Since
I
don't
know
about
the
rest
of
you,
but
I
have
definitely
fallen
victim
to
copy
pasta,
oh
wait.
I
wasn't
supposed
to
copy
that
pasta
so
yeah
it
was
really
awesome.
I
encourage
all
y'all
to
come
check
it
out
and
to
go
ahead
and
bring
something,
maybe
specific
that
you're.
D
B
This
piece
is
really
challenging
to
understand,
because
more
than
that,
I
think
it
was
also
a
very
validating
session
because
it
was
cool
to
be
like.
Oh
this,
other
person
has
had
trouble
with
this
as
well.
There
is
not
some
kind
of
like
I
don't
have
some
kind
of
deficiency
right
and.
E
B
I
imagine
that
has
the
additional
benefit
of
maybe
helping
soothe
that
impostor
syndrome
that
tends
to
affect
us
all
so
yeah
anything.
You
want
to
add
to
that
george
or
yeah.
A
Hey
now
we're
talking
about
installation
improvement.
So
that's
that's
always
good
carl
anything
to
add
about
the
the
doc
sprint.
I'm
going
to
try
to
do
a
pr
once
a
week
from
just
listening
to
people
talk
and
then,
in
the
background
I
I
think.
F
Oh
no,
no!
I
I
think
the
last
change
didn't
go
through
on
the
on
the
pr,
though
the
one
that
we
separated
by
my
os.
I
need
to
check,
because
I
made.
C
A
C
A
A
All
right
thanks
all
right,
rename
master
domain
and
github
could
feel
any
progress
on
this
one.
I
think
you've
been
on
the
road
all
week.
C
Yeah,
no,
I
just
need
to
double
check.
I
will
probably
kick
the
tires
on
a
on
a
fork
just
to
sanity
check
it
with
an
open
pr.
If
we
can,
if
we
do
that,
then
I
think
we'll
be
good
to
go.
A
C
C
C
The
only
I
think,
the
significant
major
thing
that
went
in
this
past
release
is
now
there's
a
deprecation
framework
and
validate,
has
optional,
will
validate
wall
log
deprecation
warnings
and
has
an
optional
mode
for
logging
them
as
exceptions,
and
the
intent
was
to
try
to
use
that
over
time
to
clean
up
some
of
our
compatibility,
syntax
that
we've
been
carrying
since
day
one
day,
one
being
five
years
ago,.
E
C
What
that
deprecation
policy
is
is
still
open-ended.
I
was
leaning
to
effectively
a
year
after
a
particular
syntax
was
deprecated
that
we
would
then
go
forward
with
that,
although
I'd
also
have
to
play
around
and
make
sure
that's
we're
in
the
same
version
scenario
that
lies,
we
have
technically
a
1.0
release,
inbound
at
some
point,
which
gives
us
some
opportunity
for
that
as
well.
So
there's
an
open
question
with
the
guards
and
it
probably
needs
us
back
with
regards
to
deprecations
and
what
are
paul's,
not
so
much
the
implementation.
C
We
needed
an
immigration
policy,
it
was
waiting
on
a
deprecation
implementation
which
we
have,
but
we
don't
necessarily
have
a
formal
policy
with
the
guards
too,
and
we
do
have
a
general.
Historically,
we've
had
a
policy
of
trying
to
be
backwards
compatible
with
the
exception
of
bugs
and
with
regards
to
the
deprecation
policy
that
represents
a
mechanism
for
us
to
cut
out
and
get
rid
of
outdated
syntax.
C
But
how
that
looks
like
from
an
end
user
perspective
over
time
is
the
question
and
also
how
that
looks
like
from
a
sem
version.
Semantic
versioning
perspective,
I
think,
is
an
open
question.
I
don't
know
that
we
would
necessarily
line
them
up
strictly,
but
then
we're
not
really
following
some
version.
So.
A
Yeah,
do
you
have
I'm
just
going
to
ask
you
random
questions
if
no
one
else's,
do
you
have
a
an
idea
for
like
a
deprecation
timeline
like?
Are
you
talking
like
a
year
based?
Are
you
talking
like
n
minus
two
or.
A
C
A
C
A
C
E
All
right
just
kind
of
one
question,
since
you
mentioned
the
validation
so
for
that
year
timeline
when
something
is
deprecated,
we
would
just
expect
that
when
we
wrap
when
we
validate
or
we
run,
it's
just
gonna
spit
out
a
warning
and
give
some
hint
about
that.
That
timeline.
C
Yeah
validate
will
split
out
a
warning
and
I
don't
know
if
we
have
the
annotation
stuff
in
there
to
support
the
year
marker
for
it.
Ideally,
it
would
be
something
that
would
it's,
ideally
something
that
would
actually
mainly
cut
over
so
that
way,
if
you
have
a
release-
and
you
don't
upgrade-
you
don't
get
hit
with
it,
so
to
speak,
so
it'd
be
an
explosive
flag
and
we'd
probably
need
some
sort
of
ci
thing
to
hey
the
year's
up.
C
You
know
gotta
gotta
switch
this
one
over
so
to
speak,
that's
just
an
ancillary
ci
script.
The
garbage
chair
revenge,
but
the
current
validate
command
support
will
automatically
output
application
warnings
and
has
a
flag
for
turning
up
treating
the
reserves.
E
A
B
I
don't
know
if
I
don't
know
if
this
is
like
related
or
would
be
in
scope
for
this.
But
would
there
also
be
like
I
guess
what
I'm
thinking
is
like
some
kind
of
resource
for
common
troubleshooting,
or
is
that
just
like
too
big
to
try
to
like
try
to
consider
like
all
those
like
kind
of
not
edge
cases,
but
just
how
to
help
people
through
it
or
does?
Is
this
something
that
generally
goes
smoothly
or
just
wondering
how
we
can
provide
some
kind
of.
C
B
C
I'm
not
exactly
entirely
sure
what
you're
referencing.
Are
you
talking
specific
to
upgrades,
or
are
you
talking
about
a
general
project
faq
with
your
common
errors.
C
Generally,
we
assume
that
we're
running
an
unattended
systems
that
are
auto
upgrading
so,
generally
speaking,
upgrades
have
been
smooth.
The
few
cases
where
they
have
not
been
smooth
are
related
to
us
fixing
a
bug
that
broke
something
that
shouldn't
have
worked
in
the
first
place.
A
E
Yeah
and
that
yeah
so
and
that's
I
I'm
excited
to
be
able
to
ask
this
in
a
with
a
group
like
this,
because
I
think
pipex
helps
right
now.
The
getting
started
has
people
manually,
creating
a
virtual
environment
installing
custodian
into
that
and
then
anytime
they're
going
to
use
it.
They
have
to
make
sure
that
that
environment's
activated
and
it's
just
it's
just
a
little
bit
of
a
chore,
pipex
kind
of
hides
all
that,
especially
when
you're
not
contributing.
If
you
just
want
to
use
a
tool,
use
a
pipex
install.
E
E
I
have
recommended
it
to
folks
in
the
past,
never
really
thought
about
recommending
it
officially
in
the
docs
until
the
project
got
pulled
under
the
the
python
packaging
authority
a
couple
months
back,
and
that
seems
like,
if
nothing
else,
that's
a
that's
a
symbolic
gesture
that
it's
a
it's
a
blessed
path
and
I
think
it
makes
some
uses
of
the
tool
a
little
bit
more
consistent,
predictable
and
removes
a
couple
foot
guns.
But
I'm
also
comfortable
with
it,
so
I'm
totally
biased.
So
if
anybody.
C
Else
has,
I
think
it's
super
helpful
for
people
that
are
not
python
users,
because
I've
seen
people
trip
up
on
stuff,
left
and
right,
and
so
there
is
some
nice
value
to
it.
As
far
as
documenting
that
usage,
I
think
it
would
actually
be
a
great
question
if
we
were
gonna
do
a
community
user
survey
of
how
do
you
actually
like?
How
do
you
install
custodian
like?
Are
you
running
your
own
docker?
Are
you
running
the
the
public
docker
images?
Are
you
doing
a
pip
install?
C
Are
you
checking
out
from
git
there's?
Actually
one
question
I
have
for
pipex
is:
can
it
also
do
a
get
install
of
of
a
m
so
speaker,
wheel
or
package
yeah.
E
Yeah
and
you
can
install
from
master
or
specific
branches
on
there
and
it'll
infer
the
package
name.
So
that's
yeah,
that's
that's
handy,
even
if
you're
using
master,
not
a
not
a
release
or
maine,
as
we
may
be
doing.
Yes,.
C
I
think
the
other,
so
we
currently
publish
fully
fully
frozen
dependency
trees,
which
should
play
well
with
this
as
well.
I
think
there
was
some
inkling
about,
and
I
think
this
probably
depends
on
how
much
of
a
pain
the
installer
stuff
is
insulate.
Installation
is
so.
This
represents
a
good
lightweight
thing
that
obviates
most
of
the
python
package
management
for
people.
C
The
other
consideration
was
whether
or
not
we
actually
just
want
to
ship
like
binary
like
something
compiled
like
and
one
other
question
that
came
up
in
the
context
of
cncf
was
package.
Signing
pi
pi
doesn't
currently
have
great
infrastructure
for
this.
It
is
under
development
sponsored
through
facebook.
I
know
that
there's
been
a
lot
more
supply
chain
type
of
attacks
and
just
trying
to
needle
through
what
we
can
do
for
users
to
give
them
that
additional
assurance.
C
Not
with
notary,
unfortunately,
because
notary
v1
does
not
support
the
signing,
doesn't
work
across
repos.
So
if
you
move
the
docker
image
to
a
different
location
effectively,
the
signing
breaks
v2
is
still
under
active
development.
Google
and
the
has
been
doing
stuff
with
the
cosine
project,
part
of
six
door.
That
does
is
lightweight
and
quite
usable
it.
So
at
least
we
could
pop
and
it
can
be
it's
effectively
a
detached
signature,
that's
also
published
to
the
registry.
C
We
could
do
that.
I
guess
I
would
also
be
interested
to
know
if
how
much
of
that
is
relevant
or
interesting
for
folks
on
this
call.
D
C
Okay,
but
the
pi
p
I
zoo
observer.
I
can
try
to
find
a
link.
It
was.
It
is
bewildering
bewilderingly
hard
to
find
this
stuff.
I
think
you
have
to
do
pi,
pi,
zulu,
tough
at
the
uf.
E
Runs
anywhere
python
is
yeah,
I
mean
the
install
install
across
platforms
is
pretty
pretty
consistent.
If
anything,
I
think
it's
a
little
bit
easier
than
pip
once
you
get
it
installed,
I
mean
the
the
issue
there
is
that
folks
are
going
to
generally
have
pip
available.
The
confusion
there
I
think
appeal
was
kind
of
alluding
to
this
earlier-
is
that
their
pip
may
be
pointing
somewhere
that
they
don't
want
it
to,
and
they
don't
know
it
until
they
try
to
install
stuff
and
it
breaks
so
so
pip
x
is.
A
C
I
think
the
question
is
also:
we
need
clients
that
are
also
going
to
do
verification
it
does
look
like
anaconda
has
some
support
for
it
already,
and
I
sorry
george,
I
dropped
you
some
links
to
if
you
look
on
the
the
warehouse
github
project
has
a
github
project
on
its
repo
just
for
the
this
tough
integration,
which
is
assigning
infrastructure,
integration,
okay,.
A
B
C
If
that's
where
people
are
actually
installing
from
not
particularly
useful
cosine
and
docker
images
is
possible,
but
it's
only
that
it
would
be
fantastic
to
actually
validate
how
often
that
actually
gets
used
all
right
if
we
could
but
yeah.
C
That's
a
different
question
I
had,
which
was
with
guard
image:
publishing
we're
currently
publishing
images
to
docker
hub
docker
hub
started
to
enforce
some
crazy
rate
limits.
If
there
is
consideration
about
publishing
to
some
of
the
cloud
provider
registries,
I
think
I've
pre-op.
C
I
think
I've
reserved
cloud
custodian
on
gcr
and
ecr
for
that
purpose,
but
also
don't
know
if
that's
gonna
be
useful
or
not.
C
A
C
C
Yeah,
actually,
I
think
that
so
we
published
like
four
docker
images
but
they're,
it's
more
based
on
the
functional
tool
you're
going
after
versus
the
versus
the
cloud
provider
itself.
We
unplug
the
omnibus
aspect
applies
or
is
in
reference
to
those
images
shipped
with
all
providers.
A
C
I
think
we're
just
noting
them
down
and
if
people
have
feedback
on
that
itself
or
are
interested
in
this
topic
of
what
we
should
be
doing
to
supporting
end
users
with
regards
to
supply
chain
attacks
and
via
package
signing,
definitely
interested.
C
I
think,
there's
open
question
there
as
well
for
potentially
a
user
community
survey
on
how
are
people
actually
installing
today.
E
Yeah,
you
can-
and
I
would
say
that
that
is,
that
is
all
worth
trying.
I
think
these
are
the
idea
of
how
end
users
are
installing
it
and
how
we're
building
or
signing
and
then
how
we're
publishing
seem
like
they're
all
related
issues,
but
we
can
sort
of
handle
some
of
them
independently,
like.
I
think
I
think,
if
we
use
pipex
that
could
be
independent
of
some
of
the
the
signing
stuff,
because
right
now
we're
just
telling
them
to
use
an
unsigned
pip
install
anyway.
A
A
All
right
before
we
move
on
to
pr's,
you
may,
or
you
want
to
run
over
the
events
we
have
coming
up
next
week.
D
Yeah
we
have
the
same
cloud
custodian
101
in
a
workshop
coming
up
next
week.
I
think
the
links
are
the
same
that
you
have,
which
is
the
date
changes
and
we
have
one
in
september.
So
I
was
about
to
log
out
to
pick
up
the
kids,
but
you
called
me
at
the
right
time.
Sorry.
A
All
right,
I
just
want
to
make
sure
everyone's
aware
that
we
do
have
those
those
workshops
and
stuff
so
tell
a
friend
that
would
be
most
useful
and
we've
got
those
is
this
next
week's
being
recorded?
I
don't
know
the
recording
schedule,
yeah.
D
A
D
A
Yeah
yeah
seem
to
be
the
overwhelming
favorite
for
the
next
content
that
we
make.
So
does
anybody
have
any
content
they'd
like
to
see
while
we're
on
it?
You
could
go.
I
got
this
good
luck.
F
A
All
right
with
that
that
wraps
up
the
formal
agenda,
normally
after
the
referral
agenda,
we
just
go
through
some
prs.
This
is
optional,
so,
if
you've
got
another
meeting
feel
free
to
bail,
if
not
we're
just
going
to
run
through
some
of
these
pr's
that
I've
that
we've
been
looking
at.
C
I
think
the
tcp
one
on
im's,
almost
in
a
good
state.
I
was
gonna
look
back
through
to
there's
a
config
rds
snapshot
that
I
was
trying
to
work
on
and
then
I
was
gonna
try
to
circle
back
to
british's
code
deploy
application.
One
are
the
three
aprs
and
trying
to
get
in
before
release,
and
then
they
want
to.
C
I
need
to
spend
a
little
more
time
with
todd's
error,
recording
tj's
error,
record
error,
recording
pr,
partly
in
reference
to
understanding
how
it
behaves
from
a
memory
perspective.
C
Since
it's
keeping
additional
copies
of
the
resource
set.
I
wasn't
sure
if
we
need
to
use
a
link
dictionary
there
but
yeah.
So
three
prs
in
particular
that
I'm
looking
at
and
as
far
as
release
and
then
hopefully
trying
to
cut
a
release.
A
C
C
And
then
at
post
release
we
we
do
a
dependency
upgrade
and
version
bump
and
trunk
so
that
we
can
distinguish
people
that
are
coming
to
us
with
errors
if
they
were
actually
on
our.
C
C
C
I
think
there's
two
other
people
that
haven't
had
it
step
on
gordon,
who
is
one
of
our
azure.
Actually
there's
five
people
sunny
mandeep,
stefan
and
myself,
or
four
people,
there's
a
bot
in
there
too.
A
A
C
A
Yeah
I'd,
I
don't
know
I
just
feel-
would
feel
way
better
if
other
people
that
aren't
you
could
really
so
we
can,
you
know,
spread
the
wealth
for
sure.
So,
okay,
all
right.
Let's,
let's
try
to
do
that.
If
not,
we
could
try
it
again
in
four
weeks
right
like
if
you
wake
up
and
you
look
at
your
schedule
and
you
got
to
get
the
release
out,
then
we
got
to
get
there.
C
A
A
Good
to
know,
let's
see
most
of
these,
I
think
we're
just
waiting
for
people
to
get
back
with
us
on,
so
we
don't
really
have
anything
burning
or
on
fire
unless
anyone
has
something
they
want
to
bring
up.
A
B
B
Lots
of
gratitude
for
everyone
showing
up
today
and
who's
been
showing
up.
You
know
the
past
couple
meetings
and
please
yeah
invite
your
friends
and
if
you
know
folks
who
are
like
trying
to
get
into
this
kind
of
stuff,
please
let
them
know
that
we
have
the
101s
and
the
workshops
and
yeah.
If
you
also
have
any
specific
places
where
you
think
the
documentation
could
be
an
opportunity
for
improvement,
please
go
ahead
and
let
us
know
and
yeah.
Thank
you
so
much
for
your
participation
in
these
meetings.
A
All
right
and
the
video
will
be
up
later
on
today,
worst
case
tomorrow,
and,
as
always,
the
notes
I
will
make
sure
I'm
sending
him
to
the
list
and
with
that
last
call
going
once
going
twice
all
right.
Thanks
everybody,
you
can
have
20
minutes
back
and
we'll
see
everyone
in
a
week.